author | Georg Richter <georg@mariadb.com> | 2021-06-30 10:39:54 +0200 |
---|---|---|
committer | Georg Richter <georg@mariadb.com> | 2021-06-30 10:39:54 +0200 |
commit | 9df098cf885ae16fa092aefc724b49b9a1f85f04 (patch) | |
tree | d5d2a57a1c9c5fc625d501b11719d2ac750b93a8 /mysql-test/main/MDEV-26015.test | |
parent | 63e9a05440953bf451ebe1cd808ca445e4c7634e (diff) | |
download | mariadb-git-9df098cf885ae16fa092aefc724b49b9a1f85f04.tar.gz |
MDEV-26015: Set DH param automatically
bb-10.6-MDEV-26015
So far MariaDB Server creates a DH (Diffie Hellman) parameter with a
fixed length (= 2048). This leads to the limitation that, for example, the
use of a DHE cipher suite requires a server certificate with an RSA key
of the same length.
To remedy this, the DH parameter is now automatically set by OpenSSL or WolfSSL
during the TLS handshake (taking into account the key length used
of the server certificate).
While WolfSSL supports this by default, OpenSSL has to activate this using the
SSL_CTX_set_dh_auto macro. OpenSSL versions < 1.0.2 don't support this feature
and use the previous implementation with a DH parameter with a fixed size.
Diffstat (limited to 'mysql-test/main/MDEV-26015.test')
-rw-r--r-- | mysql-test/main/MDEV-26015.test | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/mysql-test/main/MDEV-26015.test b/mysql-test/main/MDEV-26015.test new file mode 100644 index 00000000000..ed2f9b38345 --- /dev/null +++ b/mysql-test/main/MDEV-26015.test @@ -0,0 +1,11 @@ +# Tests for SSL connections, only run if mysqld is compiled +# with support for SSL. + +-- source include/have_ssl_communication.inc + +# +# MDEV-26015 - using DHE cipher will fail if DH public key size doesn't match +# RSA key size of server certificate +# +--exec $MYSQL -uroot --ssl-cipher=DHE-RSA-AES128-SHA256 --tls_version=TLSv1.2 -e"show status like 'ssl_cipher'" 2>&1 + |
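Review bot: Nothing in this test file selects a server certificate whose RSA key size differs from the DH parameter size, which is the condition the comment "using DHE cipher will fail if DH public key size doesn't match RSA key size of server certificate" describes. If the certificate is set up outside this file (the diffstat shown here is limited to MDEV-26015.test), the comment should say where and name the key size; otherwise the `--exec $MYSQL ... --ssl-cipher=DHE-RSA-AES128-SHA256 --tls_version=TLSv1.2` line can pass without exercising the mismatch. Because of the `2>&1`, any client error text ends up in the recorded result, so builds that take the fixed-size fallback mentioned in the commit message (OpenSSL < 1.0.2) may need a skip condition or their own expected output. Minor style point: the same command mixes `--ssl-cipher` and `--tls_version`; pick one separator.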